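<?php
/*
+--------------------------------------------------------------------------
|   phpBIZ v m2.1  full version
|   ========================================
|   by taft@wjl.cn yejun@wjl.cn
|   http://www.phpbiz.cn http://www.wjl.cn
|   all rights reserved
+---------------------------------------------------------------------------
|
|   > Back-office core request handling (admin entry point)
|   > Last modified: 2005-4-30 2006-2-8
|
+--------------------------------------------------------------------------
*/

// The full "<?php" tag replaces the short "<?" tag so the file still parses
// when short_open_tag is disabled (the production php.ini default).

// Base path of the installation; every require below is resolved against it.
define('ROOT_PATH', './');

require ROOT_PATH . 'conf_global.php';  // expected to populate $CONF (used below)
require ROOT_PATH . 'constant.php';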

/*--------一些基本函数   -----------------*/

/* Shared helper object; parse_income() below comes from it. */
require ROOT_PATH . 'source/Admin/functions.php';
$std = new FUNC();

/*-------从url或表单里面提取变量-----------*/
/* Request variables (URL and form) collected into one array. */
$INCOME = $std->parse_income();
/*----------加载数据库驱动类--------------*/

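// Fall back to the mySQL driver when the config leaves sql_driver unset.
// empty() gives the same result as the bare !$CONF[...] test without raising
// an undefined-index notice on a minimal config.
$CONF['sql_driver'] = empty($CONF['sql_driver']) ? 'mySQL' : $CONF['sql_driver'];

// The driver file name is built from trusted configuration only; request
// input never reaches this path.
define('TO_REQUIRE', ROOT_PATH . 'source/Drivers/' . $CONF['sql_driver'] . '.' . $CONF['php_ext']);
require TO_REQUIRE;

$DB = new DB();
$DB->info['host'] = $CONF['sql_host'];
$DB->info['usr']  = $CONF['sql_user'];
$DB->info['pwd']  = $CONF['sql_pwd'];
$DB->info['db']   = $CONF['sql_db'];
$DB->db_connect();

// Optional pre-generated level cache; skipped when it has not been built yet.
if (file_exists(ROOT_PATH . 'cache/level_cache.php')) {
	require ROOT_PATH . 'cache/level_cache.php';
}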

/*-----------加载公用html单元--------------*/
/* Shared HTML building blocks (tables, forms, frame set) for the admin pages. */
require ROOT_PATH . 'source/Admin/admin_skin.php';
$SKIN = new admin_skin();

/* Admin-side helpers: logging, menu and error output used further down. */
require ROOT_PATH . 'source/Admin/admin_functions.php';
$ADMIN = new admin_functions();

$SESS = new session();

/* Category tree; provides $TREE, $DESC and $CATS. */
require ROOT_PATH . 'source/Admin/admin_tree.php';

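/*----------- logout (the left-menu expand/collapse handling follows below) ----------*/
if (isset($INCOME['code']) && $INCOME['code'] === 'logout') {
	session_start();
	session_unset();
	// Expire the browser's session cookie as well; otherwise the same id is
	// simply re-attached to a fresh, empty session on the next request.
	if (ini_get('session.use_cookies')) {
		$cookie_params = session_get_cookie_params();
		setcookie(session_name(), '', time() - 42000,
			$cookie_params['path'], $cookie_params['domain'],
			$cookie_params['secure'], $cookie_params['httponly']);
	}
	session_destroy();
	echo "<meta http-equiv='refresh' content='0;url=admin.php'>";
	exit;
}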

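/* Left-hand category menu state.
 * $INCOME['show'] is a comma-separated list of expanded category ids
 * (trailing comma included when built here), $INCOME['out'] is the id to
 * collapse. $CATS (id => name) is provided by admin_tree.php. */

// No list given: expand every category.
if (!isset($INCOME['show']) || $INCOME['show'] === '') {
	$INCOME['show'] = '';
	foreach (array_keys($CATS) as $cid) {
		$INCOME['show'] .= $cid . ',';
	}
}

if ($INCOME['show'] === 'none') {
	$INCOME['show'] = '';
} elseif ($INCOME['show'] === 'all') {
	// Expand everything.
	$INCOME['show'] = '';
	foreach (array_keys($CATS) as $cid) {
		$INCOME['show'] .= $cid . ',';
	}
} else {
	// Drop the collapsed id. preg_quote() keeps a crafted 'out' value from being
	// read as regex syntax (the original interpolated it into the pattern raw).
	$INCOME['show'] = preg_replace(
		'/(?:^|,)' . ((isset($INCOME['out']) && is_string($INCOME['out'])) ? preg_quote($INCOME['out'], '/') : '') . '(?:,|$)/',
		',',
		$INCOME['show']
	);
	// Collapse a doubled separator to a single comma. The original replaced
	// ",," with "", which would fuse neighbouring ids (1,,3 -> 13).
	$INCOME['show'] = preg_replace('/,,/', ',', $INCOME['show']);
	$INCOME['show'] = preg_replace('/,$/', '', $INCOME['show']);
	$INCOME['show'] = preg_replace('/^,/', '', $INCOME['show']);
}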

/*----------------------------------------*/
/* Unless one fixed upload directory is configured, uploads go into a year/month sub-folder. */
if (!$CONF['single_upload_dir']) {
	$CONF['upload_dir'] .= date('Y') . '/' . date('m') . '/';
}
/*---------------判断登陆类别---------------*/

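$ADMINER = array();

/* Login gate.
 * - No live session and no login submission: render the login form.
 * - Login submission: check captcha, account and password; on success bind
 *   the account to the session and reload the admin frame.
 * - Otherwise a live session exists: load its account row and dispatch.
 * $ADMINER receives the biz_admin_user row for the rest of the request. */
$login_submitted = isset($INCOME['login']) && $INCOME['login'] === 'yes';

if (!$SESS->is_login() && !$login_submitted) {
	do_login("登陆");
	exit;  // never fall through to the dispatcher, even if output() returns
}
elseif ($login_submitted) {
	// Validate first, then process the login.
	$usr = (isset($INCOME['username']) && is_string($INCOME['username'])) ? $INCOME['username'] : '';
	if ($usr === '' || !isset($INCOME['password']) || !is_string($INCOME['password']) || $INCOME['password'] === '') {
		do_login("请输入完整的用户名或密码");
		exit;
	}

	if (session_id() === '') {
		session_start();
	}
	// Captcha check. source/code.php (not shown here) is expected to keep
	// md5(<captcha text>) in $_SESSION['authcode']. Compare strictly, treat a
	// missing code as a failure, and make the code single-use either way.
	if (!isset($_SESSION['authcode'])
		|| md5((isset($INCOME['auth']) && is_string($INCOME['auth'])) ? $INCOME['auth'] : '') !== (string) $_SESSION['authcode']) {
		unset($_SESSION['authcode']);
		do_login("验证码错误！");
		exit;
	}
	unset($_SESSION['authcode']);

	$pwd = md5($INCOME['password']);

	// The account name comes straight from the form, so it is escaped before
	// being placed in the statement (the original interpolated it raw).
	// NOTE(review): parse_income() is not visible here; if it already escapes
	// request values, drop this addslashes() to avoid double escaping.
	$DB->db_query("select * from biz_admin_user where user_account = '" . addslashes($usr) . "'");
	$result = $DB->db_fetch_row();

	if ($DB->db_fetch_num() < 1) {
		// Log the attempt, never the submitted password (the original wrote it
		// to the log in clear text).
		$ADMIN->record_log("非法登陆，用户：$usr");
		do_login("用户不存在！");
		exit;
	}

	// Stored passwords are md5 hex in this schema. Compare with !== : the loose
	// != of the original treats two "0e<digits>" strings as equal numbers.
	if (!is_array($result) || $pwd !== (string) $result['user_password']) {
		$ADMIN->record_log("非法登陆，用户：$usr");
		do_login("密码错误！");
		exit;
	}

	// Login succeeded. Issue a fresh session id before binding the account to
	// it, so a session id planted before authentication is not promoted.
	session_regenerate_id(true);
	$SESS->set_login($result['user_id']);
	$INCOME['session'] = $SESS->get_session_id();

	$_SESSION['result'] = $result;

	// 'H:i:s': the original 'H:m:s' wrote the month into the minutes field.
	$v_time = date('Y-m-d H:i:s');

	$sql = "UPDATE `biz_admin_user` SET `user_ip` = '" . addslashes(isset($INCOME['ip']) ? (string) $INCOME['ip'] : '')
		. "', `user_last_visit_date` = '{$v_time}', `user_visit_count` = user_visit_count + 1"
		. " WHERE `user_id` = '" . addslashes((string) $result['user_id']) . "' LIMIT 1";
	$DB->db_query($sql);
	echo "<script>parent.location='admin.php'</script>";
	exit;
}

// A live session: pick up the stored account row and its rights, then dispatch.
// A session that is "logged in" but carries no account row is treated as invalid.
if ($SESS->is_login() && isset($_SESSION['result']) && is_array($_SESSION['result'])) {
	$ADMINER  = $_SESSION['result'];
	$rightset = get_right(isset($ADMINER['user_level']) ? $ADMINER['user_level'] : 0);
	do_admin_stuff();
} else {
	$rightset = array();
	do_login("session无效，请重新登陆！");
}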

/**
 *     Renders the login form (user name, password, captcha) and emits the page.
 *
 *     @param  string  $msg  optional message shown in red above the form
 *
 *     @access public
 */

function do_login($msg = '')
{
	global $INCOME, $SKIN, $ADMIN;

	if ($msg != '') {
		$ADMIN->page_instruction = '<br><br><div style=\'color:red;font-weight:bold\'>' . $msg . '</div>';
	}

	/* Two-column layout: label | input. */
	$SKIN->td_header[] = array('', '20%');
	$SKIN->td_header[] = array('', '');

	$username_row = array(
		"你的用户名",
		"<input style='width: 100%;' name='username' value='' type='text'>",
	);
	$password_row = array(
		"你的密码",
		"<input style='width: 100%;' name='password' value='' type='password'>",
	);
	$captcha_row = array(
		"验证码",
		"<input style='width: 20%;' name='auth' value='' type='password'> <img src='source/code.php'>",
	);

	$ADMIN->html .= $SKIN->table_head();
	$ADMIN->html .= $SKIN->form_head();
	$ADMIN->html .= $SKIN->form_element(array("hidden" => array("login", "yes")));
	$ADMIN->html .= $SKIN->table_row($username_row);
	$ADMIN->html .= $SKIN->table_row($password_row);
	$ADMIN->html .= $SKIN->table_row($captcha_row);
	$ADMIN->html .= $SKIN->form_end("登陆");
	$ADMIN->html .= $SKIN->table_end();
	$ADMIN->output();
}


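/**
 *     Dispatches the request to an admin module by the 'act' request key.
 *
 *     The module file is always chosen from the fixed $item whitelist, so
 *     request input never forms the include path directly. 'frm' renders the
 *     frame set, 'menu' the navigation, 'pwd' and 'index' are open to every
 *     logged-in admin; anything else needs the matching act+code entry in the
 *     global $rightset.
 *
 *     @access public
 */

function do_admin_stuff()
{
	global $INCOME, $ADMIN, $SKIN, $std, $CONF, $rightset;

	// The original read $INCOME[act] / $INCOME[code] with bare constants,
	// which PHP 8 rejects; non-string values are treated as absent.
	$act  = (isset($INCOME['act'])  && is_string($INCOME['act']))  ? $INCOME['act']  : '';
	$code = (isset($INCOME['code']) && is_string($INCOME['code'])) ? $INCOME['code'] : '';
	// Right key is built from the raw values, before the defaults below apply.
	$right_key = $act . $code;

	$item = array(
		"op"     => "operation",
		"sql"    => "sql",
		"mem"    => "seller",
		"index"  => "index",
		"frm"    => "frame",
		"menu"   => "menu",
		"shop"   => "shop",
		"cat"    => "categories",
		"pwd"    => "password",
		"log"    => "loginfo",
		"hlp"    => "help",
		"mes"    => "message",
		"charge" => "charge",
	);

	if ($act === '') {
		$act = 'idx';
	}
	// Unknown module (including the 'idx' default) falls back to the frame set.
	if (!isset($item[$act]) && $code !== 'logout') {
		$act = 'frm';
	}
	// Included modules read the normalised value from the global array.
	$INCOME['act'] = $act;

	if ($act === 'frm') {
		echo $SKIN->frame_set();
		exit;
	}

	if ($act === 'menu') {
		$ADMIN->menu();
	} elseif ($act === 'pwd' || $act === 'index' || !empty($rightset[$right_key])) {
		require ROOT_PATH . "source/Admin/ad_" . $item[$act] . "." . $CONF['php_ext'];
	} else {
		$ADMIN->error("权限不足!");
	}
}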

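/**
 *     Loads the permission set of an admin level.
 *
 *     @param  mixed  $gid  level id (biz_admin_level.gid); cast to int for the query
 *     @return array  the unserialized rightset (keys act+code) plus 'gid' => $gid;
 *                    only 'gid' when the level is unknown or the stored data is not an array
 *     @access public
 */
function get_right($gid)
{
	global $DB;

	// gid normally comes from the session's account row, but it is still
	// interpolated into SQL, so force an integer instead of trusting the value.
	$DB->db_query("SELECT gid,rightset FROM biz_admin_level WHERE gid=" . (int) $gid);
	$r = $DB->db_fetch_row();

	$rightset = array();
	if ($r) {
		// unserialize() of a DB column: admin-written data, but any object
		// embedded in it would be instantiated. Only array payloads are kept;
		// a false/other result (corrupt data) yields an empty rightset.
		$rightset = unserialize($r['rightset']);
		if (!is_array($rightset)) {
			$rightset = array();
		}
	}
	$rightset['gid'] = $gid;
	return $rightset;
}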

?>